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(54) Checking the Personal Identification Number of a mobile subscriber 



(57) The invention relates to method for checking a 
personal identification number (PIN) of a subscriber in 
a mobile equipment (500) employed in a mobile com- 
munications system (600). the mobile equipment con- 
taining a protected subscriber identity (I MSI, ITSI). The 
method comprises the steps of requesting (203) the us- 
er of the mobile equipment the personal identification 
number (PIN) of the subscriber, checking (103) the va- 
lidity of the personal kJentification number entered by 
the user, repeating (109) these steps provided that the 
user does not enter the valid personal kjentiftcation 
number, and. when the number of requests (203) and 
checks (103) of the identification number exceeds a pre- 
determined threshold value, blocking (111) the mobile 
equipment. According to the inventk>n, protectkm of a 
protected subscriber Identity is released (112), thus find- 
ing out the Identity of the subscriber; the subscriber iden- 
tity as well as and an Indication that the mobile equip- 
ment has been blocked are transmitted the vndbWe com- 
munications system. 
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Description 

The Field of the invention 

The Invention relates to a method for checking the s 
identification number of a subscriber in a mbbile equip- 
ment empbyed in a mobile communications system, 
said mobile equipment containing a protected subscrib- 
er identity, the method comprising the steps of: request- 
ing the user of the mobile equipment the Identification 10 
number of the subscriber, checking the valkiity of the 
identification number entered by the user, repeating 
these steps provided that the user does not enter the 
vaiki klentlflcatlon number, and, when the number of re- 
quests and checks of the identification number exceeds is 
a predetermined threshold value, blocking the mobile 
equipment. 

A first embodiment of the invention relates to a radio 
telephone or a mobile communication system in which 
the subscriber Identities and terminal equipments are 20 
permanently connected to each other as mobile sta- 
tions. Such mobile equipments are usually subscriber- 
specific and they are identified with a protected sub- 
scriber kJentity (I MSI = International Mobile Subscriber 
Identity or ITSI - Individual Tetra Subscriber Identity). 

A second embodiment of the inventkxi relates to a 
radio telephone system in which subscribers and termi- 
nal equipments are not permanently connected togeth- 
er, and particularly terminal equipments and subscriber 
identity modules, such as SIM cards (SIM = Subscriber 30 
Identity Modules), within these networi<s. Such systems 
include, for example, cellular networks comprising 
phones in which a subscriber is identified by a subscrib- 
er-specific subscriber identity module provkied in the 
phones. One example of such a cellular communication 3S 
system is the GSM system (Gk>bal System for Mobile 
Communicatrans). Another example is the TETRA 
(Trans European Trunked Radio) mobile communica- 
tion system. The TETRA mobile communication sys- 
tem, in turn, represents an example of the PMR (Private 
or Professional Mobile Radio) mobile communication 
system. It must be noted that mobile equipments ac- 
cording to the first embodiment of the present Inventbn, 
in whbh terminal equipments and sut)scribers are per- 
manently connected to each other, may also operate in ^ 
these mobile communications systems. 

Background of the Invention 

The subscriber Identity module, such asa SIM card, so 
is subscrit)er-specific, whk:h means that subscriber 
equipments are not confined to a specific subscriber. 
The subscriber identity module, such as a SIM card or 
a GSM card, is a smart card or a smart card which is 
placed in the mobile equipment and contains infonna- ss 
tkxi required for kientlfying a subscriber and for encrypt- 
ing radio traffic. A subscriber identity niodule, such as a 
SIM card, refers herein to a smart card that can be re- 



moved from a mobile equipment and that allows a sub- 
scriber to use the card controlled mobile equipment. 

If a subscriber kJentity module is empbyed, the user 
need not have a mobile equipment of his own, but a suk>- 
scriber Identity nrxxiuie is all he needs. Such a subscrib- 
er identity module can be, for example, a SIM card (Sub- 
scriber Identity Module) which Is, in a way, a phone card 
that allows the subscriber to make (and receive) calls 
from any mobile equipment of the system. The purpose 
of a SIM card, on the one hand, is to provide the mobile 
equipment with data kientifying the user safely in a pro- 
tected form, and, on the other hand, to provide servbes 
to the mobile equipment. The services include mainte- 
nance of the kJentification number (input, aiteratbn, 
etc.). calculating an encryption key by means of user 
bentity algorithms, and unbbcking a SIM card bbcked 
after an excessive number of entered false personal 
identification numbers (PIN) for example by means of a 
PUK code (PUK-code = Personal Unblocking Key). 

As an altemathre way of Implementing a SIM card 
In hand-held phones, a so-called plug-in-SIM has been 
Introduced. A plug-in-SIM is a coin-sized part containing 
the electronics of a credit card sized SIM card. It Is so 
placed in a phone that the user is not able to replace it 
with ease. The phone may also have an incorporated 
plug-in-SIM and. In additk>n, a card reader. If the card 
reader contains a card, the phone is identified on the 
basis of the extemal card, otherwise on the basis of the 
Incorporated ptug-in-SlM. The tenm subscriber Identity 
module, such as a SIM card, herein generally refers to 
both the plug-in-SIM and the smart card SIM unless ad- 
vised to the contrary. 

The general function of a SIM card is specified in 
the GSM recommendatbn 02.17, Subscriber Identity 
Modules, ETSI, of the GSM mobile communbation sys- 
tem. It defines the terms associated with a SIM card and 
sets the requirements for the security of a SIM card, 
functions of the highest level, defines the tasks for the 
network operator and the information to be stored in a 
SIM card. It also specifies the minimum requirements 
for a SIM card of a user interface of a phone, such as a 
mobile equipment, concerning for example the input and 
change of a user's Personal Identification Number 
(PIN). 

In addition, the GSM recommendation 11.11, SIM 
Applbatlon Protocol, ETSI, defines nrK>re cbsely the Is- 
sues specified by the aforementioned GSM recommen- 
dation 02.17 by defining the protocols between a SIM 
card and a mobile equipment (ME = Mobile Equipment), 
the exact contents and lengths of the data fields of the 
SIM card, as well as the matters related to mechanical 
and electrical connections. The GSM recommendatbn 
11.11 is a documentation on the basis of which engi- 
neers are expected to be able to provide the software 
and hardware implementatbn of a SIM interface. 

A problematic situation arises In the use of mobile 
communications systems when a mobile equipment 
and/or a SIM card is lost and comes into the wrong 
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hands. Thus, since losing the phone is not necessarily 
noticed immediately, the person who has stolen the mo- 
bile equipment may try breaking the PI N code of the SIM 
card by trying different codes. When an unauthorized 
user has made a sufficient number of attempts to break 
the PIN code, the SIM card may block itself in such a 
way that it cannot be activated any more by means of 
the PIN code only, but a PUK code for cancelling the 
blocking must be entered. This f unctton abne prevents 
unauthorized use of the SIM card, but it does not assist 
in identifying or neutralizing the unauthorized user in any 
way. 

When a mobile equipment Is taken into use, identi- 
fying the mobile user is usually started by requesting the 
user an identification number, such as a PIN (Personal 
ldentificatk)n Number) associated with the mobile 
equipment or the SIM card. The personal identification 
number PIN related to the user of the SIM card and the 
mobile equipment must thus be entered into the mobile 
equipment and further into the SIM card If data fields 
determined on a PIN encryption level are wished to be 
read or altered. In practice, this is done every time in 
connection with activating the telephone or inserting the 
SIM card into a card reader. 

Once the valid identification number has been en- 
tered, the card will also allow reading information locat- 
ed within a confidential area of the card memory. 

If the user enters an invalid personal identification 
number (PIN), the SIM returns the invalid code, and the 
Identlflcatbn number Is requested again. The SIM also 
increments its Internal error counter, which cannot be 
adjusted by the user in any circumstances. If the user 
enters three invalid identification numbers in a row, the 
SIM shifts into a blocked state. 

A blocked card may be re-activated, depending on 
the implementatbn, with a specific PUK Identificatbn 
number or possibly only by means of the sewice meas- 
ures can-ied out by the manufacturer, A SIM that is in 
the blocked state only receives an unblocking command 
(UNBLOCK) for a blocked SIM card. In such a case, the 
user enters the SIM card an unblock PUK code which 
is 8 digits in length. Provided that the user enters an 
invalid unblock PUK identificatbn number e.g. tor ten 
times, the SIM shifts into a permanently bkx:ked state, 
from which It can be returned only by the network oper- 
ator that has provkJed the SIM card. 

A mobile equipment that operates according to the 
prior art - in the first embodiment of the inventbn - and, 
on the other hand, a subscriber identity module i.e. a 
SIM card - in the second embodiment of the invention - 
may prevent the use of mobile equipment or corre- 
spondingly of the subscriber identity nrxxiule, that is, the 
SIM card in such a manner that when an unauthorized 
user makes a sufficient number of attempts to break the 
PIN code, that is. when the unauthorized user enters an 
Invalid PI N code for a sufficient number of times, the mo- 
bile equipment or the card blocks itself so that it can no 
longer be reactivated only by means of the PIN code, 



but some other unblocking code, such as a PUK code 
must be entered. The nrK)bile equipment or the subscrib- 
er identity module is thus deactivated provided that the 
unauthorized user knows neither the PIN code nor the 

s PUK code (PUK = Personal Unblocking Key). 

Another aspect of the matter discbsed above is the 
fact that the memory of the smart cards employed as 
subscriber identity modules, or SIM cards, is usually di- 
vided Into parts according to the fact who has an access 

10 right to the data kx:ated In the memory: the memory is 
usually divided Into three zones on the basis of the en- 
cryption class: an open, a confidential and a secret 
zone. On the confidential zone, such data Is stored that, 
in order to be read and altered, requires a PIN kientifl- 

is cation number to be entered to the card. The memory 
of such a nnobile equipment that Is not connected to a 
subscriber identity module may also be divided into 
open, secret/confidential zones in the manner described 
above. In the confidential area of both the mobile equip- 

20 ment and of the SIM card, all user-specific data is stored, 
including protected subscriber kJentitles, such as an IM- 
SI = International Mobile Subscriber Identity in the GSM 
system and an ITSI = Individual Tetra Subscriber Iden- 
tity in the TETRA system. 

2S 

Brief Description of the invention 

It is an object of the present invention to provide a 
method that allows checking the identificatbn number 

30 of a mobile subscriber and preventing an unauthorized 
use of a mobile equipment or a subscriber kJenfrty rtKxi- 
ule, that is, a SIM card. It is an object of the invention to 
improve the safety of the network operator and the user 
and to protect them against unauthorized use of nrioblle 

3S equipments and of subscriber kJentlty nrKxlules, and par- 
ticularly against attempts to use them without permis- 
sion. 

The first embodiment of the invention is achieved 
with a method of the invention, which is characterized 

40 by releasing a protection of a protected subscriber Iden- 
tity, and thus finding out the kientity of the subscriber; 
transmitting to the mobile communications system the 
subscriber identity in question and indication that the 
mobile equipment has been blocked. 

4S The second embodiment of the inventbn relates to 
a method for checking the Identification number of a 
subscriber in a mobile equipment employed in a mobile 
communications system, said nnobile equipment being 
a combination of a subscriber station and an individual 

so subscriber identity module containing a protected sub- 
scriber identity, said identity module being removably at- 
tached to the subscriber station, whereby a mobile 
equipment may be composed by attaching the subscrib- 
er identity module to any subscriber station, the method 

ss comprising the steps of: requesting the user of the mo- 
bile equipment the kientlfication number of the subscrib- 
er, checking from the subscriber identity module the va- 
lidity of the identification number entered by the user, 
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repeating these steps provided that the user does not 
enter the valid identification number, and, when the 
number of requests and checks of the identification 
number exceeds a predetermined threshold value, 
blocking the subscriber identity module. 

The second embodiment of the invention is charac- 
terized by releasing a protection of a protected subscrib- 
er identity, and thus finding out the subscriber identity; 
transmitting to the mobile communicatbns system the 
suk>scriber identity in question and indication that the 
subscriber identity module has been blocked. 

The first embodiment of the inventbn further relates 
to a mobile equipment comprising: memory means for 
storing the protected subscriber klentity, a user interface 
tor requesting the subscriber identification number from 
the user of the mobile equipment, checking means for 
checking the valkJity of the identification number (PIN) 
of the subscriber in question, a counter for counting the 
number of valklity checks of the subscriber identification 
number, blocking means responsive to said counter for 
blocking the mobile equipment when the number of 
checks exceeds a predetermined number without the 
user of the mobile equipment having entered a valid 
identification number by means of said user interface. 

The mobile equipment according to the first emkxxJ- 
iment of the invention is characterized by comprising re- 
leasing means for releasing the protectbn of the pro- 
tected subscriber identity and for finding out the sub- 
scriber identity, andtransmissk>n means for transmitting 
to the mobile communicattons system the found sub- 
scriber identity and an indication that the mobile equip- 
misnt has been bkxked. 

The second embodiment of the invention relates to 
a mobile equipment comprising: a user interface for re- 
questing the subscriber identity from the user of the mo- 
bile equipment, an individual subscriber kientity nrKxJute 
provided with a subscriber identity, said module being 
removably attached to said mobile equipment, further 
comprising checking means for checking the valkJity of 
the kientification number of the subscriber in question, 
a counter for counting the number of valkJity checks of 
the subscriber identification number, blocking means re- 
sponsive to said counter for blocking said subscriber 
identity module when the number of said checks ex- 
ceeds a predetermined number without the user of the 
mobile equipment having entered a valid kJentification 
number. 

The mobile equipment according to the second em- 
bodiment of the invention is characterized by further 
comprising releasing means for releasing the protection 
of the protected subscriber identity in the subscriber 
identity module and for finding out the subscriber iden- 
tity, and transmission means for transmitting to the mo- 
bile communk:ations system the found subscriber iden- 
tity and an indication that the subscriber kJentity module 
has been blocked. 

This application discloses a method that allows the 
mobile equipment to indicate to the system an informa- 



tion that an attempt is made at misusing the nrK>bile 
equipment or a subscriber identity nrK)dule, such as a 
SIM card, attached thereto. Misuse may refer to break- 
ing the secret identification number of the SIM card or 

s of the mobile user, for instance. 

The invention is based on the idea that a mobile 
equipment or a subscriber identity nrKxiule, that is. a SI M 
card releases the protectbn of a subscriber identity (IM- 
Sl, ITSl) when blocking itself as a result of invalid PIN 

10 codes. The SIM may thus communicate the subscriber 
identity (I MSI, ITSl) to the mobile equipment provkJed 
that it requests it subsequent to blocking of the SIM card. 
All the other informatkm on the SIM card further remains 
protected. A mobile equipment/SIM card that operates 

IS in this nrianner may indrcate towards the system the sub- 
scriber identity, the mobile equipment or SIM card cor- 
responding to whch was attempted to break by breaking 
the PIN identification number of the subscriber related 
to the mobile equipment or the SIM card in questkyi. 

20 The inventk>n discloses how to indicate to the mo- 
bile communk:ations system an attempt to break into a 
mobile equipment or a SIM card. 

The advantage of such a method and a mobile 
equipment according to the invention is the fact that they 

25 solve problems related to safety of prior art mobile com- 
munications systems and mobile equipments. 

Prk>r art courses of action are insufficient because 
an attempt to break into a mobile equipment or a sub- 
scriber kdentity module, such as a SIM card attached 

30 thereto is presumably not indicated to the system. 

In networks designed for public safety, in particular, 
such as PMR and TETRA networi^s it would be most 
desirable that an attempt to break into a mobile equip- 
ment or a SIM card attached thereto wouki be indk:ated 

35 to the system. The rndbWe equipment and the method 
of the invention alk>w this, that is, they allow the nnobile 
communications system to receive an information of 
some user attempting to break the mobile equipment or 
the subscriber Identity module for his own. unauthorized 

40 use. 

In accordance with the inventbn, when the nnobile 
network receives the Inf ornrmtion on the attempt to break 
into the mobile equipment or the SIM card, the mobile 
network may thus try to bkx:k the mobile equipment or 

^ the subscriber kJentity module that has been attempted 
to break into so that they are no longer altowed to use 
the sen/ices of the network. In additbn, the network op- 
erator or a supervisor or a duty officer of a smaller user 
group may be provided with the data related to the object 

so of the breaking attempt, and they may take the required 
steps for preventing the unauthorized use. 

Brief Description of the Drawings 

ss In the following, the invention will be discbsed in 
greater detail with reference to the attached drawings, 
in which 
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Figure 1 is a flow diagram illustrating the operation 
of a subscriber identity module according to a sec- 
ond embodiment of the invention, 
Figure 2 is a flow diagram illustrating the operation 
of a mobile equipment according to the second em- 
bodiment of the invention, and 
Figure 3 Is a block diagram illustrating the mobile 
equipment of the invention. 

Detailed Description of the Invention 

The Invention is based on the idea that a mobile 
equ^ment may unblock an encrypted subscriber iden- 
tity bcated in Its memory or on a SIM card attached to 
the mobile equipment if the SIM card has bk)cked itself 
as a result of entered invalid PIN codes. Figure 1 shows 
the operation of the method from the point of view of the 
SIM card, and Figure 2 from the point of view of the wo- 
bile equipment. After receiving the subscriber Identity 
from the SIM, the mobile equipment transmits an infor- 
mation of the attempt, along with the subscriber identity, 
to the system. 

The operation of the first embodiment of the inven- 
tion must be understood by means of a description of 
the operation of the second embodiment of the inven- 
tion. Thus, requesting and checking the subscriber-spe- 
cific PIN code (password) associated with the subscrib- 
er identity nrKxlule of the second embodiment corre- 
sponds to checking the subscriber identification number 
according to the first embodiment. 

Figure 1 is a flow chart of the operation of the sub- 
scriber identity module according to the second embod- 
iment of the invention. In step 1 01 the subscriber identity 
module, hereinafter referred to as a SIM card, starts to 
identify its user. This is carried out in step 102 by re- 
questing the user of the card or, according to the first 
embodiment of the invention, the user of the mobile 
equipment an individual PIN code of a subscriber con- 
nected to the mobile equipment or the subscriber kien- 
tity module, respectively. Once the code has been ob- 
tained, the validity of the PIN code is checked in step 
103. Provided that the PIN code provided by the user is 
valid 104. the protections of the SIM card, that is, the 
confidential memory zone of the SIM card, are released. 
Correspondingly, In the first embodiment of the Inven- 
tion, it woukt be possible to release the confidential zone 
of the memory of the mobile equipment. Subsequently, 
the operation of the mobile equipment and of the SIM 
card continues as usual. 

If, in tum. It is detected in step 103 that the PIN code 
entered to the mobile equipment is invalkJ 107. it Is 
checked 108 how many times an invalid PIN code has 
already been entered into the mobile equipment. Pro- 
vided that the number of invalid PIN codes is smaller 
109 than a predetermined threshold value, the operation 
of the mobile equipment/SIM card returns to step 102. 
where the PIN code is requested again from the user of 
the mobile equipment. 



If, in turn, it is detected in the check in step 108 that 
the maximum number of PIN codes has already been 
requested 110, the use of the SIM card or, in the second 
embodiment of the inventbn, of the mobile equipment 
s is blocked 111, Thereafter, the user can no longer use 
the SIM card or the mobile equipment without the valid 
PUK code of the SIM card in question being entered into 
the card or the mobile equipment. Foltowing this, the 
protectbn of the subscriber Ideritity code located on the 
10 SIM card or in the memory of the mobile equipment is 
released, that is, the protection of the IMSI or ITS! iden- 
tity is released so as to find out the identity. I n the second 
embodiment of the Invention, this kientity Is then first 
transmitted to the mobile equipment, whk^h. as In the 
IS first embodiment of the invention, transmits to the mo- 
bite network said identity and the indk:atbn that an at- 
tempt has been made to break the PIN code e.g. in a 
registration message. Of course, the Indicatkx) can be 
transmitted to the network in all other messages. The 
20 network is thus informed that an attempt has been made 
to break the PIN code of the mobile equipment or the 
SI M card, whereby the network or the operator may con- 
clude that the subscriber identification number In ques- 
tion is associated with a user who Is attempting at mls- 
25 using the network and the user in questbn may thus be 
blocked outside the network. 

Following this in step 11 3 the PUK code is request- 
ed from the mobile user. Thereafter, It is checked In step 
114 whether the entered PUK code Is valki. In case the 
30 entered PUK code is valid 115. a PIN code counter Is 
reset 116, whereby the user may again feed a predeter- 
mined number of 'invalid' PIN identification numbers 
without the operation of the SIM card or the mobile 
equipment being bkx:ked. In other words, the procedure 
35 . retums to step 102. in whk:h the PIN code Is requested 
from the user. 

If, in turn, the user enters an invalid PUK code 117, 
It Is checked 118 from the following counter whether a 
maximum number of invalid PUK codes has been en- 
40 tered Into the mdbWe equipment or the SIM card. In case 
the maximum number has not yet been exceeded 11 9, 
the procedure retums to step 113. where the PUK code 
is requested again from the user. If, again, the maximum 
number is exceeded 120, the SIM card or the mobile 
45 equipment is completely blocked 121 . 

Figure 2 shows a flow chart of the operation of the 
second embodiment of the invention. The operation of 
the method starts from step 201, where the mobile 
equipment receives from a subscriber identity module. 
50 such as a SIM card attached thereto a request to ask 
for the PIN identfficatk)n number from the user of the 
mobile equipment. This is an example of the operation 
in accordance with the second embodiment of the in- 
vention. In the solution according to the first embodi- 
es ment of the invention, no SIM card is attached to the 
mobile equipment, but it carries out requesting the iden- 
tification number of the subscriber and checking the va- 
lidity, and the following operation independently. After 
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receiving a request 201 from the SIM card, the mobile 
equipment concludes 202 that the code requested is a 
PIN code. Thereafter the mobile equipment requests 
203 the code in question from its user via its user Inter- 
face. The mobile equipment receives the PIN code by 
means of its user interface and transmits it 204 to the 
SIM card according to the second embodiment of the 
invention. This subscriber identity module thus carries 
out checking the PIN code in the manner described 
above in step 103 of Figure 1 and returns 205 an answer 
to the mobile equipment, which analyses 206 the mean- 
ing of the answer. In the solution according to the first 
embodiment of the invention, checking the PIN code 
and measures caused by it may of course be carried out 
in the actual mobile equipment. 

The mobile equipment acts as follows on the basis 
of the analysis of the information/answer transmitted by 
the SIM card: 

In case the SIM card has provided 207 informatbn 
that the SIM card is bkx:ked and that the user of the 
mobile equipment is requested to enter a PUK code, the 
mobile equipment requests 208, according to the inven- 
tion, the subscriber identity, that Is, an IMSI or ITSI iden- 
tity from the SIM card. The SIM card thus releases the 
protection of these identities in its own memory and 
transmits 209 a subscriber identity (IMSI, ITSI) to the 
mobile equipment. According to the first embodiment of 
the invention, the aforementioned releasing the protec- 
tion of the subscriber identity would be carried out in the 
mobile equipment, In whk:h the subscriber identity 
woukj be stored, as well. Following this, in step 210, the 
mobile equipment informs the mobile communrcation 
system according to the invention that an attempt has 
been made to break into the SIM card (the second em- 
bodiment) or the mobile equipment (the first embodi- 
ment) and that the SIM card (or nrioblle equipment) in 
question has been blocked. The mobile equipment may 
thus act as follows: 

The mobile communications system nnay temporar- 
ily disable the radio unit or the mobile equipment in 
which the SIM card has been attempted to use (tempo- 
rary disabling'). The radio unit in question thus cannot 
be used for communication, but the system may monitor 
the bcation of the radio unit in the network. 

The system may also permanently disable the radio 
unit (^permanent disabling'). 

The access of the subscriber to whom the blocked 
SIM card belongs is prevented from this on. This is done 
by labelling the subscriber in question as a 'forbidden 
subscriber' in the databases of the system, in which 
case the operatk>n of this subscriber in the network is 
restricted e.g. so that the calls of the subscriber are not 
allowed or some services are closed. 

Since after bkx:king the SIM card, the subscriber 
identity on the card may also be read by the person who 
has made the attempt on misuse, the subscriber must 
usually be labelled as a lorbidden subscriber' in each 
case. It must be noted, however, that although the sub- 



scriber identity would not be marked as forbkJden. it is 
not possible to be authenticated in the system using this 
identity because the authentication key required for au- 
thentication Is not available due to blocking the card. 

s In accordance with the invention, the attempt at mis- 
using. the card is further reported to persons supervising 
the use of the mobile communications system or e.g. to 
a duty officer or a dispatcher of a 'public safety' networie 
The person supen^lsing the use of the system may 

10 thereafter contact the legitimate owner of the SIM card 
and inquire whether the card has possibly come into the 
wrong hands. 

Subsequently, the implementatbn of the invention 
continues from step 21 1 , in whk:h the folbwing code re- 

is quested by the rrK)bile equipment and the SIM card is 
the PUK code, which must be entered correctly by the 
user in order that the PIN code can be requested again 
from the user and that the SIM card and the mobile 
equipment can be returned to use provided that the user 

20 enters the valid PIN code. Thereafter, the procedure re- 
turns 220 to step 203, in which the code is requested 
from the user. 

If, again, it is detected in step 206 that the answer 
obtained from the SIM card or the obsen^ation made by 

2S the mobile equipment (in the first embodiment) indbates 
that the user has entered a valid PIN code 212, the mo- 
bile equipment starts its operation as usual. 

If, again, it is detected in step 206 that the answer 
obtained from the S|M card or the observation of the mo- 

^0 bile equipment (in the first embodiment) indcates that 
the user has entered a valid PUK code 214, the opera- 
tion continues so that the user interface of the mobile 
equipment is reported 21 5 that the following piece of in- 
formation requested from the user is the PIN code, 

3S which, when entered correctly, allows the user to acti- 
vate the mobile equipment. The procedure thus returns 
221 to step 203. in whk:h the code is requested from the 
user. 

If, again, it is detected in step 206 that the answer 
40 obtained from the SIM card or the observation made by 
the mobile equipment (In the first embodiment) indicates 
that the user has entered an invalid PUK code 216, the 
procedure shifts 217 to step 203, in which the PUK code 
is requested again. 
4S If, again, it is detected in step 206 that the answer 
obtained from the SI M card or the observation of the mo- 
bile equipment (in the first embodiment) indicates that 
the user has entered an invalid PIN code 21 B, the pro- 
cedure shifts 219 to step 203, in which the PIN code is 
50 requested again. 

Figure 3 shows a block diagram of a radio unit ac- 
cording to the invention. The figure shows the infrastruc- 
ture (INFFiA) of the mobile communications system 600. 
The network infrastructure comprises e.g. base sta- 
tions, switching centres, databases DB and other tele- 
communications equipments. The figure shows a typical 
radio unit 500, that is, a radio telephone, mobile equip- 
ment or a subscriber station used by the subscriber 
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communicating in a mobile communications system. 
The purpose of a transceiver (TX/RX) 501 is to be adapt- 
ed to a radio channel employed at each moment, the 
mobile equipment communicating via said radb chan- 
nel with the network Infrastructure. The transceiver 501 
is connected to an antenna 502, which is connected to 
the radio path RP. Usually, radio frequencies between 
60-1000 MHz (VHP and UHF frequency ranges) are 
employed although other frequencies may be enrv 
ployed, as well. On tfie radio path PR analog or digital 
modulation may be employed. 

A user Interface 505 comprises electroacoustic 
converter means, typically an earpiece 506 and a mi- 
crophone 507 and possibly keys associated with start- 
ing, ending and dialling a call. Mobile equipments em- 
ployed in tnjnking systems may also comprise a push- 
to-talk button which must be pressed down during a 
speech tum. 

The purpose of a control unit 503 Is to control the 
operation ot the radio unit. The control unit 503 is con- 
nected to the user interface 505, which provides it e.g. 
with impulses associated with starting and ending a call. 
Via the user interface 505, the control unit 503 may also 
give the user sound signals or visual signals associated 
with the operation of the radio telephone and/or the radio 
telephone system. 

The control unit 503 is connected to the transceiver 
TX/RX 501. The channel employed by the transceiver 
is determined by the control unit 503, that is, the trans- 
ceiver 501 is tuned onto the channel, i.e. the radio fre- 
quency, determined by the control unit 503, and into a 
suitable time-slot. The transceiver 501 is also switched 
on under control of the control unit 503. The control unit 
503 receives and transmits signalling messages via the 
transceiver 501 . 

The mobile equipment or the radb unit 500 accord- 
ing to the invention may be employed e.g. in a radio sys- 
tem comprising a radio network comprising at least one 
base station and subscriber stations and possibly one 
or more repeater stations and databases DB. Said radio 
unit thus comprises a transceiver unit 501 for receiving 
transmissions transmitted by other radio units or base 
stations, and for transmitting transmissions to said other 
radio units or base stations, a control unit 503 for con- 
trolling the operatbn of the radio unit and a user inter- 
face 505. 

A mobile equipment 500 according to the first em- 
bodiment of the invention comprises memory means 
508 for storing a protected subscriber identity IMSI or 
ITSI, a user Interface 505 for requesting the subscriber 
identification number PIN from the user of the mobile 
equipment, checking means 510 for checking the valid- 
ity of said subscriber identification number PIN. counter 
511 for counting the number of validity checks of the 
subscriber identification number PIN, and blocking 
means 512 responsive to said counter 511 for blocking 
the mobile equipment when the number of said checks 
exceeds a predetermined number without the user of 



the mobile equipment having entered a valkJ identifica- 
tion number PIN by means of sab user interface 505. 

The mobile equipment 500 of the invention further 
comprises releasing means 513 for releasing the pro- 
tection of the protected subscriber identity in the sub- 
scriber identity module and for finding out the sut)scriber 
identrty, and transmission means 51 4 for transmitting to 
the mobile communications system 600 the found sub- 
scriber identity and an indbation that the mobile equip- 
ment has been blocked. 

In the mobile equipment of the inventbn. releasing 
51 3 the protection of the protected subscriber identity is 
carried out after blocking the mobile equipment 500 (see 
step 11, Figure 1). 

In the mobile equipment 500 of the inventbn, sab 
subscriber identity IMSI or ITSl and the indbatbn that 
the mobile equipment 500 has been bbcked are trans- 
mitted to the mobile communbations system e.g. in a 
registration message. 

A mobile equipment according to the second em- 
kxxliment of the inventbn comprises a user interface 
505 for requesting the subscriber identification number 
PIN from the user of the mobile equipment, a subscriber 
specific subscriber identity module SIM, 509 provided 
with a subscriber bentity, which Is removably attached 
to sab mobile equipment. 

A noobile equipment according to the second em- 
bodiment of the invention further comprises checking 
means 510 for checking the validity of said subscriber 
bentification number PIN. counter 511 for counting the 
number of validity checks of the subscriber bentification 
number PIN, and blocking means 515 responsive to 
said counter 511 for blocking the subscriber identity 
nrKxlule when the number of said checks exceeds a pre- 
determined number without the user of the mobile 
equipment 500 having entered a valid bentification 
number PIN. 

The mobile equipment of the invention further com- 
prises releasing means 516 for releasing the protectbn 
of the protected subscriber identity IMSI, ITSI in the sub- 
scriber bentity module SIM, 509, and for finding out the 
subscriber identity, and transmission means 517 for 
transmitting to the mobile communications system the 
found subscriber identity and an indication that the sub- 
scriber identity module has been blocked. 

In the nrK)bile equipment of the inventbn, releasing 
1 1 2 the protection of the protected subscriber identity is 
carried out after blocking 111 said subscriber identity 
module SIM, 509. 

In the mobile equipment of the invention, said sub- 
scriber bentity IMSI or ITSI and the indicatbn that the 
subscriber identity module SIM, 509 has been bbcked 
(step 111, Figure 1 ) are transmitted to the mobile com- 
munications system e.g. In a registration message. 

The figures and the explanation associated there- 
with are only intended to illustrate the present invention. 
In detail, the method and the mobile equipment of the 
invention may vary within the scope of the attached 
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claims. subscriber identity (IMSi, ITS!), 

The aforementioned operation in which the mobile in response to said releasing, finding put the 

equipment informs the mobile communications system subscriber Identity; 

of an attempt to break the protection of a PIN code of a transmitting (21 0) to the mobile communica- 

subscriber identity module, that is, of a SIM-card, may s tions system (600) the subscriber identity (IM- 

be implemented in two altemative manners: SI. ITSI) in question and an indication that the 

mobile equipment has been blocked. 



2. A method as claimed in claim 1 , 
10 characterized by said releasing (112) the protec- 
tion of the protected subscriber identity (IMSI, ITSI) 
taking place after blocking (111) the mobile equip- 
ment. 



(1 ) the subscriber identity IMSI, ITSI may be stored 
in such a manner that the PIN code protection does 
not apply to it. The subscriber identity may thus be 
read from the card in every case regardless of 
whether a PIN code has been entered or not and 
whether the card has blocked itself or not. Or alter- 
natively: 

(2) the subscriber identity has been stored in such 
a manner that the kJentity may be read in two cases 
only: 

a) when a valid PI N code has been entered, and 

b) when the card has been blocked as a result 
of entering Invalid PIN codes. 

I n case b) it is not possible to read other information 
from the card, except for the subscriber kientity. 

The implementation according to altemative (2) 
shown above is more f unctbnal because in that case . 
the subscriber identity can be read without a valid PIN 
code in such a case only where the card is bkxked and 
it is thus not possible for the subscriber Identity to come 
into the hands of an unauthorized user by mistake. 



Claims 

1. A method for checking a personal identification 
number (PIN) of a subscriber In a mobile equipment 
(500) employed in a mobile communications sys- 
tem (600), said mobile equipment containing a pro- 
tected subscriber identity (IMSI. ITSI), the method 
comprising the steps of: 

requesting (203) a user of the mobile equip- 
ment the personal kJentification number (PIN) 
of the subscriber, 



IS 3. A method as claimed in claim 1 , 

characterized by transmitting (210) said subscrib- 
er kJentity (IMSI, ITSI) and said indication that the 
mobile equipment has been blocked (111) to the 
mobile communk:atkxis system in a registration 

20 message. 

4. A method as claimed in claim 1 , 
characterized by labelling said subscriber identity 
as forbkiden In a databas;e of the mobile communi- 

25 cations system (600) in response to said subscriber 
identity and said indication that the mobile equip- 
ment (500) has been blocked (111), bcAh transmit- 
ted (210) to the nnobile communications system 
(600). 

30 

5. A method for checking a personal identification 
number (PIN) of a subscriber in a mobile equipment 
(500) employed in a mobile communications sys- 
tem (600), said mobile equipment being a combina- 

35 tion of a subscriber statbn (501 , 503, 505) and an 
individual subscriber identity module (509, SIM) 
containing a protected subscriber identity (IMSI, IT- 
SI), saki identity module being removably attached 
to the subscriber station, whereby a mobile equip- 

40 ment may be composed by attaching the subscriber 
identity module (509. SIM) to any subscriber sta- 
tion, the method comprising the steps of: 



requesting (203) the user of the mobile equip- 
ment the personal Identificatbn numt)er (PIN) 
of the subscriber, 

checking (103) from the subscriber dentity 
module the validity of the personal identification 
number (PIN) entered by the user, 
repeating (109) these steps provkjed that the 
user does not enter the valid personal identifi- 
cation number (PIN), and 
bkx:king (111) the subscriber identity module 
(509, SIM) when the number of requests (203) 
and checks (103) of the personal identification 
number (PIN) exceeds (110) a predetermined 
threshold value. 



checking (1 03) the validity of the personal iden- 45 
tification number (PIN) entered by the user, 
repeating (109) these steps provided that the 
user does not enter the valid identificatbn 
number, and, 

when the number of requests (203) and checks so 
(103) of the personal identification number 
(PIN) exceeds (110) a predetermined threshokl 
value, blocking (111) the mobile equipment 
(500). 

ss 

characterized by the steps of: 

releasing (112) a protection of the protected 
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characterized by 

releasing (112) a protection of the protected 
subscriber identity (IMSl, ITSI) in the subscrib- 
er Identity module (509, SIM), 
in response to said releasing, finding out the 
subscriber identity, 

transmitting (210) to the mobile communica- 
tions system (600) said subscriber identity (IM- 
Sl. ITSI) and an indication that the subscriber 
identity module (509. SIM) has been blocked. 

6. A method as claimed in claim 5, 
characterized by said releasing (112) the protec- 
tion of the protected subscriber identity (IMSl, ITSI) 
taking place after blocking (111) the subscriber 
identity module (509. SIM). 

7. A method as claimed in claim 5, 
characterized by transmitting said subscriber iden- 
tity (IMSl, ITSI) and said indication that the sub- 
scriber identity module (509, SIM) has been 
blocked (11 1 ) to the mobile communicatbns system 
(600) in a registratbn message. 

8. A method as claimed in claim 1 , 
characterized by labelling said subscriber identity 
as forbkiden in a database (DB) of the mobile com- 
municatbns system (600) in response to said sub* 
scriber identity (IMSl. ITSI) and said Indicatbn that 
subscriber identity module (509, SIM) has been 
blocked (111), transmitted (21 0) to the mobile com- 
municatbns system (600). 

9. A method as claimed in claim 4 or 8, 
characterized by sakl subscriber identity being no 
longer valid for employing the services of the mobile 
communications system in response to labelling 
said subscriber kientity (IMSl, ITSI) as forbkSden in 
the database (DB) of the mobile communbatk>ns 
system (600). 

10. A method as claimed in claim 4 or 8, 
characterized by said subscriber identity being no 
longer valid for employing the services of the mobile 
communications system, and the mobile communi- 
catbns system yet maintaining information on the 
location of said mobile equipment and/or subscriber 
identity module, in response to labelling said sub- 
scriber identity (IMSl, ITSI) as forbidden in the da- 
tabase (DB) of the mobile communications system 
(600). 

11. A method as claimed in claim 4 or 8. 
characterized by reporting saki subscriber identity 
and the attempt at misusing said personal identifi- 
catbn number (PIN) of the subscriber to the oper- 
ator of the mobile communications system in re- 



sponse to labelling said subscriber identity (IMSl, 
ITSI) as forbidden in the database (DB) of the mo- 
bile communicatbns system (600). 

s 12. A method as claimed in claim 4 or 8, 

characterized by reporting said subscriber dentity, 
subscriber data related to saki subscriber and the 
attempt at misusing sakl subscriber identification 
number to the operator of the mobile communtca- 

10 tions system in response to labelling said subscrib- 
er identity (I MSI, ITS!) as f orbkkJen In the database 
(DB) of the mobile communications system (600). 

13. A method as claimed in claim 4 or 8. 

IS characterized by reporting the attempt at misusing 
the subscriber identity module (509, SIM) and/or the 
personal identrficatk)n number (PIN) of the sub- 
scriber to the legitimate owner of the subscriber 
identity rrxxJule (509. SIM) and/or the personal 

20 identification number (PIN) of the subscriber in re- 
sponse to labelling sakl subscriber identity (IMSl. 
ITSI) as forbidden in the database (DB) of the mo- 
bile communicatbns system (600). 

2S 14. A mobile equipment (500, Figure 3) comprising: 

merTK)ry means (508) for storing a protected 

subscriber Identity (IMSl ITSI). 

a user interface (505) for requesting a personal 

30 identification number (PI N) of a subscriber from 

the user of the mobile equipment (500), 
checking means (510) for checking (103) the 
validity of said personal identification number 
(PI N) of the subscriber, 

3S a counter (511) for counting (108) the number 

of validity checks of the personal klentiffcation 
number (PIN) of the subscriber, and 
blocking means (51 2) responsive to sakJ coun- 
ter (511) for blocking (111) the mobile equip- 

40 ment when the number of said checks exceeds 

a predetermined number without the user of the 
mobile equipment having entered a valkJ per- 
sonal identification number (PIN) by means of 
sakl user interface (505). 

45 

characterized by further comprising: 

releasing means (513) for releasing (112) the 
protection of the protected subscriber identity 
so (IMSl. ITSI) and for finding out the subscriber 

kJentity, and 

transmissbn means (514) for transmitting 
(210) to the mobile communications system 
(600) the found subscriber identity and an Mi- 
ss cation that the mobile equipment has been 
bkx^ked. 

15. A mobile equipment (500) as claimed in claim 14. 



9 



17 



EP0776141 A2 



18 



characterized by said releasing (112) the protec- 
tion of the protected subscriber identity (IMSI, ITSI) 
taking place after blocking (111) the mobile equip- 
ment. 

16. A mobile equipment (500) as claimed in claim 14. 
characterized by transmitting (210) said subscrib- 
er identrty (IMSI, ITSI) and said indication that the 
mobile equipment (500) has been blocked (111) to 
the mobile communlcatkxis system (600) in a reg- 
istratkjn message. 

17. A mobile equipment (500. Figure 3) comprising: 

a user interface (505) for requesting a personal 
identification number (PIN) of a subscriber from 
the user of the mobile equipment, 
an individual subscriber identity module (SIM. 
509) provided with a subscriber identity, and re- 
movably attached to said mobile equipment 
(500), said mobile equipment further compris- 
ing 

checking means (510) for checking (103) the 
valkJity of said personal identificatbn number 
(PIN) of the subscriber, 
a counter (511 ) for counting (108) the number 
of valkiity checks of the personal ldentificatk>n 
number (PIN) of the subscriber, and 
blocking means (515) responsive to said coun- 
ter (511) for blocking (1 11) the subscriber iden- 
tity module (509, SIM) when the number of said 
checks exceeds (110) a predetermined number 
without the user of the nriobile equipment (500) 
having entered a valid personal ldentif!catk)n 
number (PIN). 

characterized by further comprising: 

releasing means (516) for releasing (112) the 
protection of the protected subscriber identity 
(IMSI. ITSI) in the subscriber identity module 
(SIM. 509) and for finding out the subscriber 
identity, and 

transmission means (517) for transmitting 
(210) to the mobile communicatk)n8 system 
(600) the found subscriber klentity and an indi- 
cation that the subscriber identity module (SIM, 
509) has been blocked (111). 

18. A mobile equipment (500) as claimed in clainri 17, 
characterized by said releasing (112) the protec- 
tion of the protected subscriber identity (IMSI. ITSI) 
taking place after bk)cking (111) said subscriber 
identity module (SIM. 509), 

19. A mobile equipment (500) as claimed in claim 17, 
characterized by transmitting (210) said subscrib- 
er identity (IMSI. ITSI) and said indication that sub- 



scriber identity module (SIM, 509) has been 
bkx:ked (1 1 1 ) to the mobile communications system 
(600) in a registration message. 
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